Difference between revisions of "Iptables"
From Linux-VServer
(catspec) |
|||
| (2 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | [[Iptables Consolidate requirements]] | + | Problem: The network packet filter, as implemented into Linux kernel, does not provide a concept of "personalties" which allow subsetting a rule set per vserver guest. But by providing guest specific chains, used to direct network packets with source or destination of a given guest, and introducing a mechanism to allow guest to update exclusively this guest specific chain, the outcome is rather similar. |
| − | [[Iptables Collect previous work]] | + | |
| − | [[Iptables Demonstrate workability]] | + | These pages inventarise the efforts of realisation. |
| − | [[Iptables Implementation]] | + | |
| + | * [[Iptables Consolidate requirements]] | ||
| + | * [[Iptables Collect previous work]] | ||
| + | * [[Iptables Demonstrate workability]] | ||
| + | * [[Iptables Implementation]] | ||
| + | |||
| + | online contact: irc.oftc.net, #vserver-iptables | ||
| + | |||
| + | [[Category:Network related]] | ||
Latest revision as of 22:26, 21 October 2011
Problem: The network packet filter, as implemented into Linux kernel, does not provide a concept of "personalties" which allow subsetting a rule set per vserver guest. But by providing guest specific chains, used to direct network packets with source or destination of a given guest, and introducing a mechanism to allow guest to update exclusively this guest specific chain, the outcome is rather similar.
These pages inventarise the efforts of realisation.
- Iptables Consolidate requirements
- Iptables Collect previous work
- Iptables Demonstrate workability
- Iptables Implementation
online contact: irc.oftc.net, #vserver-iptables
